[gptalk] Re: Start-Up Script policy

From: "Shane Williford" <shane.williford@xxxxxxxxxx>

To: <gptalk@xxxxxxxxxxxxx>

Date: Tue, 4 Mar 2008 07:24:23 -0600

Hmm...thanks Steve, but a log-in script solution probably won't be the
best for us. We have a log-in script for our domain certainly, but the
solution I am more interested in is 1. for only our laptop users and 2.
only when those laptop users are not connected to the domain. Maybe I'm
just unaware of the full functionality of what "auto-detect" does? We
have our proxy settings done via GP for everyone. Are you suggesting to
manipulate proxy via log-in script?
Shane
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
shane.williford@xxxxxxxxxx
816-361-4194 x6012
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Rochford
Sent: Tuesday, March 04, 2008 7:07 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
Bit of VBscript from our login script to turn on "auto-detect". This
will run silently. If you want to use regedit then stick /s after it in
your batch file.
' Read the current user's DefaultConnectionSettings blob, set the flags byte, write it back
Dim binArray(1024)
Const HKEY_CURRENT_USER = &H80000001
Set objRegistry = GetObject("winmgmts://./root/default:StdRegProv")
sPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
lRC = objRegistry.GetBinaryValue(HKEY_CURRENT_USER, sPath, "DefaultConnectionSettings", binArray)
' Byte 8 (counting from 0) holds the connection flags
binArray(8) = 9
lRC = objRegistry.SetBinaryValue(HKEY_CURRENT_USER, sPath, "DefaultConnectionSettings", binArray)
As far as I can work out, you just need to set location 8 (counting from
0) to value 9 to get the "auto-detect settings" checked.
Steve
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Shane Williford
Sent: 04 March 2008 12:44
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
Enforced per-machine proxy? Well, I set it up in GP, if that's what you
mean. This batch file is something I'm going to have to manually add to
my laptop users' local policy, which stinks, but no other way around it
really. Here's my reg file, Jamie:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableAutoProxyResultCache"=dword:00000000
"EnableNegotiate"=dword:00000000
"ProxyEnable"=dword:00000000
"AutoConfigURL"=""
"ProxyServer"=""
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,1f,00,00,00,01,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,01,00,00,00,1f,00,00,00,68,74,74,70,3a,2f,2f,31,\
  34,34,2e,31,33,31,2e,32,32,32,2e,31,36,37,2f,77,70,61,64,2e,64,61,74,90,0e,\
  1e,66,d3,88,c5,01,01,00,00,00,8d,a8,4e,9e,00,00,00,00,00,00,00,00
It took some real digging to get that last part, which deselects the
Automatic Detect Settings check box (didn't want to disable it, which I
know there's a much shorter entry for that...more of a knowledge thing
than a preference or need). You know...I think I placed this bat file in
the Comp Config start-up script area, which won't work because of being
user settings (thanks Steve!). I'll try placing this on the User side
and test it out. And, if anyone knows how to run batches in "silent
mode", please share...thanks.
Shane
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
shane.williford@xxxxxxxxxx
816-361-4194 x6012
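
Added example, not part of any message in this thread: a PowerShell 5+ sketch that decodes the DefaultConnectionSettings blob discussed in the two messages above and flips only the auto-detect bit in byte 8. The flag names, the field layout after byte 12, and the helper names ConvertFrom-ConnectionSettings and Set-AutoDetectBit are assumptions based on the commonly reported format, which Microsoft does not document.

```powershell
# Flag bits of byte 8 (counting from 0). Commonly reported values; Microsoft
# does not document this blob, so treat the layout as an assumption.
[Flags()] enum ProxyFlags {
    Direct           = 1
    ManualProxy      = 2
    AutoConfigScript = 4
    AutoDetect       = 8
}

function ConvertFrom-ConnectionSettings {    # hypothetical helper name
    param([byte[]]$Blob)
    if ($Blob.Length -lt 12) { throw 'Blob too short for version, counter and flags.' }
    $fields = [ordered]@{
        Version  = [BitConverter]::ToInt32($Blob, 0)
        Counter  = [BitConverter]::ToInt32($Blob, 4)
        RawFlags = $Blob[8]
        Flags    = [ProxyFlags]($Blob[8] -band 0x0F)
    }
    $pos = 12
    foreach ($name in 'ProxyServer', 'ProxyBypass', 'AutoConfigUrl') {
        # Each string is a 4-byte little-endian length followed by ASCII text.
        if ($pos + 4 -gt $Blob.Length) { throw "Truncated before the $name length." }
        $len = [BitConverter]::ToInt32($Blob, $pos); $pos += 4
        if ($len -lt 0 -or $len -gt $Blob.Length - $pos) { throw "Bad length for $name." }
        $fields[$name] = [Text.Encoding]::ASCII.GetString($Blob, $pos, $len); $pos += $len
    }
    [pscustomobject]$fields    # bytes after AutoConfigUrl are left uninterpreted
}

function Set-AutoDetectBit {                 # hypothetical helper name
    param([byte[]]$Blob, [bool]$Enabled)
    $copy = [byte[]]$Blob.Clone()
    # Change only bit 0x08; the other flag bits and all other bytes stay as read.
    if ($Enabled) { $copy[8] = $copy[8] -bor 0x08 } else { $copy[8] = $copy[8] -band 0xF7 }
    , $copy
}

# Sample input: the DefaultConnectionSettings bytes from the .reg file in this thread.
$hex = @'
3c,00,00,00,1f,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
01,00,00,00,1f,00,00,00,68,74,74,70,3a,2f,2f,31,34,34,2e,31,33,31,2e,32,32,32,2e,
31,36,37,2f,77,70,61,64,2e,64,61,74,90,0e,1e,66,d3,88,c5,01,01,00,00,00,8d,a8,
4e,9e,00,00,00,00,00,00,00,00
'@
$blob = [byte[]](($hex -replace '\s') -split ',' | ForEach-Object { [Convert]::ToByte($_, 16) })

ConvertFrom-ConnectionSettings $blob | Format-List
(ConvertFrom-ConnectionSettings (Set-AutoDetectBit $blob $true)).Flags
```

For the value in this thread the flags byte is 1 (Direct only), and enabling the bit gives 9, the number the VBScript writes. Under the assumed layout, a blob that already has a proxy or script bit set would lose it if a literal 9 were written, whereas the bit-wise update keeps it.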
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Monday, March 03, 2008 3:58 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
That should work assuming you have actually enforced per-machine proxy
settings, otherwise you need to run it as a logon script in your local
policy. What do you have in your .reg file?
Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Rochford
Sent: Monday, March 03, 2008 3:56 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
If this is machine startup then it won't work - proxy settings are user
specific so need to be set by a logon script rather than a startup
script.
Not sure if that's going to work as a local policy but I must admit that
I've never tried :-)
Can you use automatic configuration for the proxy? Probably easier to
get working.
Steve
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Shane Williford
Sent: Monday, March 03, 2008 3:33 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
I'm pinging a computer on our domain. If the ping succeeds the script
ends; if it fails, I want to run a reg file that disables proxy
settings. I know it didn't run because I checked my proxy settings in IE
and they were enabled. I want them (through my reg file) to be disabled.
This method is how I'm resolving disabling proxy settings for my laptop
users who need to connect to the Internet while not at work.
This is the batch file I created:
@echo off
ping hostcomputer.domain
if errorlevel 1 goto disableIEProxy
goto done
:disableIEProxy
REGEDIT /S "C:\Support\DisableIEProxy.reg"
:done
I think my problem is that the cmd box is displaying (or wants to). When
I run the batch file by itself, it works, but displays the cmd window. I
can run the reg file silently, but how do I configure the "ping" part of
my file to run silently? Oh, btw, if you haven't figured it out, I'm a
neophyte scripter. :-)
Any assistance in my scripting inabilities is very much welcomed.
Thanks guys!
Shane
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
shane.williford@xxxxxxxxxx
816-361-4194 x6012
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jakob H. Heidelberg
Sent: Monday, March 03, 2008 3:12 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
And how about security/share permissions - did you make sure to add
"Authenticated Users" or "Domain Computers" to the NTFS & share
permissions (assuming you are running the script from a network
location)?
Remember the credentials used are "SYSTEM" - which is the same as
running in "computer context"... Could this be the problem?
/Jakob H. Heidelberg
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: 3 March 2008 21:39
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
How do you know it didn't run? What is the script trying to do?
Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Shane Williford
Sent: Monday, March 03, 2008 2:36 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
Hmm...that's what I thought, but it didn't work. The batch file works,
but it didn't 'run' when I added it as a start-up script in the Local
Security Policy....hmm....back to the drawing board. :-)
Thanks Jamie!
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Monday, March 03, 2008 2:33 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Start-Up Script policy
Should work with any standard executable script (.bat, .cmd, .vbs, etc.)
Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Shane Williford
Sent: Monday, March 03, 2008 2:24 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Start-Up Script policy
I created a start-up script to check if my computers are on the domain
and want to add it to the Local Policy. Does Start-Up scripting policy
area only work with VBS files? The one I created is a batch file.
Thanks!
Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
shane.williford@xxxxxxxxxx
816-361-4194 x6012
Notice: The information transmitted in this e-mail may contain
confidential and/or legally privileged information intended only for the
use of the individual(s) named above. Review, use, disclosure,
distribution, or forwarding of this information by persons or entities
other than the intended recipient(s) is prohibited by law and may
subject them to criminal or civil liabilities. Statements and opinion
expressed in this e-mail may not represent those of Mazuma Credit Union.
All e-mail communications through Mazuma's corporate email system are
subject to archiving and review by someone other than the recipient. If
you have received this communication in error, please notify the sender
immediately and delete/destroy any and all copies of the original
message from any computer or network system.
_____
This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).